FBI Warns of Dangerous New 'Smishing' Scam Targeting Your Phone

Smishing, a text-based phishing scam, has reached alarming new heights, prompting warnings from the FBI and cities across the United States. The term smishing combines "SMS" and "phishing," and it's become a favorite tool for cybercriminals to trick people into sharing sensitive personal and financial information.

Hackers have reportedly set up over 10,000 fake websites to fuel these scams, targeting both iPhone and Android users with crafty texts. Cities like New York, San Francisco, Boston, and others have sounded the alarm about smishing campaigns where scammers pose as parking violation departments. These fraudulent texts threaten recipients with $35 daily fines for unpaid parking invoices, urging them to click malicious links to "pay" the fines.

The campaign, active since December, has expanded beyond parking fines to include impersonation of toll collection services and even fake delivery service alerts. The FBI's Internet Crime Complaint Center (IC3) received over 2,000 complaints in early 2024 about smishing texts linked to road toll scams, which are believed to be traveling from state to state.

Reports from cybersecurity firm Palo Alto Networks’ Unit 42 reveal that these scams are designed to steal credit card and bank account details. Interestingly, many scam domains use the Chinese .XIN top-level domain (TLD), suggesting possible links to Chinese hacking groups.

Here are some essential tips to protect yourself:

• Verify before trusting: Always confirm the legitimacy of unsolicited texts by contacting the organization directly through verified means.
• Avoid clicking suspicious links: Manually type known URLs into your browser instead of using links from unknown sources.
• Secure your devices: Regularly update operating systems and apps while using reputable antivirus software to detect threats.
• Use a password manager: Protect sensitive information and avoid entering credentials on fraudulent sites.
• Report suspicious activity: Notify your mobile carrier, local law enforcement, or the FBI’s IC3 about questionable texts.
• Consider data removal services: These can help reduce exposure to smishing attacks by removing personal information from public databases.

As these scams evolve, from fake parking fines to bogus toll notifications, vigilance is key. The FBI and cybersecurity experts are urging everyone to stay cautious, block suspicious numbers, and report any unusual activity. Your personal information is worth defending with every tool in your arsenal.